Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserAction.java
===================================================================
diff -u -rf741601968539b96b0d6e9df19ec21fab64c16e2 -rcd7ba635f93755dd233ff93c394718d2f6bc2966
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserAction.java	(.../UserAction.java)	(revision f741601968539b96b0d6e9df19ec21fab64c16e2)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserAction.java	(.../UserAction.java)	(revision cd7ba635f93755dd233ff93c394718d2f6bc2966)
@@ -38,6 +38,7 @@
 import org.apache.struts.action.ActionMapping;
 import org.apache.struts.action.DynaActionForm;
 import org.lamsfoundation.lams.usermanagement.Organisation;
+import org.lamsfoundation.lams.usermanagement.OrganisationType;
 import org.lamsfoundation.lams.usermanagement.Role;
 import org.lamsfoundation.lams.usermanagement.SupportedLocale;
 import org.lamsfoundation.lams.usermanagement.User;
@@ -71,7 +72,7 @@
 
 	private static Logger log = Logger.getLogger(UserAction.class);
 	private static IUserManagementService service;
-	private static List allRoles;
+	private List rolelist;
 	private static List<SupportedLocale> locales;
 	
 	public ActionForward edit(ActionMapping mapping,
@@ -83,18 +84,16 @@
 		if(orgId != null) {
 		    request.setAttribute("org",orgId);
 		}
+		OrganisationType orgType = ((Organisation)getService().findById(Organisation.class,orgId)).getOrganisationType();
 		
-		request.setAttribute("canEdit",true);
 		// remove sysadmin from role list for non-sysadmin users
 		User requestor = (User)getService().getUserByLogin(request.getRemoteUser());
-		if(!getService().isUserInRole(requestor.getUserId(),getService().getRootOrganisation().getOrganisationId(),Role.SYSADMIN)){
-			Role sysadmin = new Role();
-			sysadmin.setRoleId(Role.ROLE_SYSADMIN);
-			allRoles.remove(sysadmin);
-			// set canEdit flag for non-sysadmin users
-			request.setAttribute("canEdit",false);
-		}
-		request.setAttribute("rolelist",allRoles);
+		Boolean isSysadmin = getService().isUserInRole(requestor.getUserId(),getService().getRootOrganisation().getOrganisationId(),Role.SYSADMIN);
+		rolelist = getService().getRolesForOrgType(orgType,isSysadmin);
+		Collections.sort(rolelist);
+		request.setAttribute("rolelist",rolelist);
+		// set canEdit for whether user should be able to edit anything other than roles
+		request.setAttribute("canEdit",isSysadmin);
 		request.setAttribute("locales",locales);
 		
 		// editing a user
@@ -168,9 +167,7 @@
 		if(service==null){
 			WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(getServlet().getServletContext());
 			service = (IUserManagementService) ctx.getBean("userManagementServiceTarget");
-			allRoles = getService().findAll(Role.class);
 			locales = getService().findAll(SupportedLocale.class);
-			Collections.sort(allRoles);
 			Collections.sort(locales);
 		}
 		return service;